|
301061
|
- |
|
sourcetreesolutions
|
mojoportal
|
Cross-site scripting (XSS) vulnerability in ProfileView.aspx in mojoPortal 2.3.4.3 and 2.3.5.1 allows remote attackers to inject arbitrary web script or HTML via the User ID parameter. NOTE: some of…
|
CWE-79
Cross-site Scripting
|
CVE-2010-3602
|
2024-11-21 10:19 |
2010-09-25 |
|
|
|
|
301062
|
- |
|
invisionpower
|
ibphotohost
|
SQL injection vulnerability in index.php in ibPhotohost 1.1.2 allows remote attackers to execute arbitrary SQL commands via the img parameter.
|
CWE-89
SQL Injection
|
CVE-2010-3601
|
2024-11-21 10:19 |
2010-09-25 |
|
|
|
|
301063
|
5.9 |
MEDIUM
Network
|
owasp
|
enterprise_security_api_for_java
|
It was found that all OWASP ESAPI for Java up to version 2.0 RC2 are vulnerable to padding oracle attacks.
|
-
|
CVE-2010-3300
|
2024-11-21 10:18 |
2021-06-22 |
|
|
|
|
301064
|
3.3 |
LOW
Local
|
hp redhat fedoraproject
|
hp-ux_directory_server redhat_directory_server 389_directory_server directory_server
|
389 Directory Server before 1.2.7.1 (aka Red Hat Directory Server 8.2) and HP-UX Directory Server before B.08.10.03, when audit logging is enabled, logs the Directory Manager password (nsslapd-rootpw…
|
CWE-312
Cleartext Storage of Sensitive Information
|
CVE-2010-3282
|
2024-11-21 10:18 |
2020-01-10 |
|
|
|
|
301065
|
5.5 |
MEDIUM
Local
|
babiloo_project debian
|
babiloo debian_linux
|
babiloo 2.0.9 before 2.0.11 creates temporary files with predictable names when downloading and unpacking dictionary files, allowing a local attacker to overwrite arbitrary files.
|
CWE-494
Download of Code Without Integrity Check
|
CVE-2010-3440
|
2024-11-21 10:18 |
2019-11-13 |
|
|
|
|
301066
|
8.8 |
HIGH
Network
|
pixelpost
|
pixelpost
|
Cross-site request forgery (CSRF) vulnerability in pixelpost 1.7.3 could allow remote attackers to change the admin password.
|
CWE-352
Origin Validation Error
|
CVE-2010-3305
|
2024-11-21 10:18 |
2019-11-13 |
|
|
|
|
301067
|
6.5 |
MEDIUM
Network
|
rubyonrails debian
|
rails debian_linux
|
The encrypt/decrypt functions in Ruby on Rails 2.3 are vulnerable to padding oracle attacks.
|
CWE-311
Missing Encryption of Sensitive Data
|
CVE-2010-3299
|
2024-11-21 10:18 |
2019-11-13 |
|
|
|
|
301068
|
5.5 |
MEDIUM
Local
|
mailscanner
|
mailscanner
|
The update{_bad,}_phishing_sites scripts in mailscanner 4.79.11-2 downloads files and trusts them without using encryption (e.g., https) or digital signature checking which could allow an attacker to…
|
CWE-311
Missing Encryption of Sensitive Data
|
CVE-2010-3292
|
2024-11-21 10:18 |
2019-11-13 |
|
|
|
|
301069
|
4.7 |
MEDIUM
Local
|
mailscanner
|
mailscanner
|
mailscanner before 4.79.11-2.1 might allow local users to overwrite arbitrary files via a symlink attack on certain temporary files. NOTE: this issue exists because of an incomplete fix for CVE-2008-…
|
CWE-59
Link Following
|
CVE-2010-3095
|
2024-11-21 10:18 |
2019-11-13 |
|
|
|
|
301070
|
6.5 |
MEDIUM
Network
|
cor-entertainment debian fedoraproject
|
alien-arena debian_linux fedora
|
It is possible to cause a DoS condition by causing the server to crash in alien-arena 7.33 by supplying various invalid parameters to the download command.
|
CWE-20
Improper Input Validation
|
CVE-2010-3439
|
2024-11-21 10:18 |
2019-11-13 |
|
|
|